PSP / PS3 PKG Decrypter and Extractor v.1.0.0.0 is Released

Today Mathieulh has released a PSP / PS3 PKG Decrypter and Extractor v.1.0.0.0 for decrypting and extracting PlayStation 3, PlayStation Portable and mixed game package files via PC followed by updates from daGraveR and mysis below.

To quote from the ReadMe/Twitter: btw if you don't want to mess with the whole packages algo stuff, just use AES CTR with the package key iv at 0x70 in the package. Sorry I forgot to include the readme in the fixed release, this is now fixed as well. btw that hmac key was fail, don't use it, another is actually used.

It's not really signed, just encrypted with AES and HMAC. woops I forgot to enable the button when I cleaned up the app (yeah I fail, gonna do a small re-release xD) btw I forgot to mention in the readme this is not the 1:1 algorithm, it's been improved, it extracts pkgs roughly 3 times as fast as on ps3.

Just open the package you want to extract or drag and drop it and click on "Extract package"

Can I run this on Linux ?

Sorry this app is windows only, however full sources have been supplied along with it so feel free to make a Linux port out of it, you have my blessing.

Can This encrypt/sign my game packages ?

NO, when this application was written, the main concern was about packages decryption, so that part was kinda skipped, however it is trivial to do the reverse operation, remember, sources are supplied.

Here is the little story, this little app was done since litterally AGES , distributed to a very small amount of people, and was conveniently designed and used to decrypt packages and repack them on our debug consoles so we wouldn't have to QA flag them to update our games or install games we purchased from the ps store.

The algorithm was a bit of a pain to reverse but the keys could be easily grabbed with a lv2 exploit. So here we are, this app was done but the problem is it couldn't be leaked because I and a few other people who were entrusted with it, were kinda afraid that sony would change the keys and fix whatever exploits we had (turned out they didn't) but since we can now get whatever
new keys they add/change this has become a quite irrelevant concern. The next concern was piracy.

There was nothing at the time justifying a release for that application, most people would just not have a legit use for it so releasing was out of the question.

So what changed our minds ? Well, ccc happened, and Segher (props to him !) figured how to conveniently calculate private keys and suddenly a legit use appeared, as people would/might need to encrypt their packages to install their own signed apps onto their consoles. This is not a 1:1 algorithm port as it's been improved, thus the decryption happens 3 times as fast as on playstation 3.

Since people suddenly became interested in the game packages format, we just thought releasing that app would spare them the (hours of) work of reversing the encryption algorithm and that this code would not go to waste.

Special thanks to someone who helped a lot but wishes to remain anonymous.

Greetings to Segher whom, I believe people tend to forget too often.

Update: From mysys: PSP PS3 PKG Decrypter Extractor v.1.0.0.1-bin

As you might remember back then, mathieulh had released a PS3 PSP PKG Decrypter & Extractor plus sources and as you might remember it was kind of buggy... so, here’s a fixed version, sources including..

fixed >4gb files supported

fixed decryption bug -> ” elapsed =+ dumpFile.Length; ”

added key switch support (psp remasters)

fixed/killed first decrypt routine... now directly goes into unpack+decrypt

added output folder-selection

/mysis

P.S: Did not fix speed issue, tell that to mathieulh and the shtty coding.

It's all good that we can decrypt and decode stuff but the re-encrypting and recoding is the problems and programs we are after as well.

I think this will happen soon enough, because of what he stated above: "Can This encrypt/sign my game packages ?

NO, when this application was written, the main concern was about packages decryption, so that part was kinda skipped, however it is trivial to do the reverse operation, remember, sources are supplied."